CVE-2023-29464

Summary

CVE	CVE-2023-29464
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-10-13 13:15:00 UTC
Updated	2023-10-20 20:10:00 UTC
Description	FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Rockwellautomation	Factorytalk Linx	6.20	All	All	All
Application	Rockwellautomation	Factorytalk Linx	6.30	All	All	All

References

Reference	Source	Link	Tags
Sign In	MISC	rockwellautomation.custhelp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

591428 Rockwell Automation FactoryTalk Linx Denial of Service (DoS) and Information Disclosure Vulnerabilities (ICSA-23-290-02)